BS ISO/IEC 30124:2015 pdf download-Code of practice for the implementation of a biometric system.
A biometric system, in comparing biometric features, does not actually identify individuals. Any perception of identity is only ever obtained by reference to some earlier registration and enrolment process where non- biometric data are collected and linked to the biometric data. It is therefore more accurate to use the term biometric recognition rather than identification and for that reason this Standard will use recognition as the preferred term. Biometric recognition differs from other recognition methods such as smart cards, photo ID, PINs, passwords or memorable information (e.g. birth date or mother’s maiden name). It uses biometric characteristics that are strongly linked to the individual being recognized (the “subject”, e.g. customers accessing a service, employees gaining access to a building and people obtaining lunches in a canteen). This provides a higher level of confidence in the person making the claim, provided that systems are well-designed, implemented correctly and operated in a secure way. Subject to such provisos, a biometric recognition service can operate remotely from the individual, making it more convenient, and not revealing any other personal details. Remote operation (example use of face recognition cameras for access control) can have privacy implications. Adequate signage should be provided and may be required by law. ISO/IEC 24714-1 discusses issues of the interaction of end-users and the public with biometric systems and gives recommendations on how to address those issues. For example the following concerns have been raised: • fears that biometric data could be used for purposes other than those consented to by the subject, for example, providing an unauthorized link between different applications or unapproved third party access resulting in unforeseen consequences for the subject; • fears that biometric data will not be held securely; and • the perception that medical or other sensitive information could be obtained from biometric data.